Unifi Protect
CVE-2026-21634
MEDIUM
Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
A malicious actor with access to the adjacent network could overflow the UniFi Protect Application (Version 6.1.79 and earlier) discovery protocol causing it to restart.
Affected Products: UniFi Protect Application (Version 6.1.79 and earlier).
Mitigation: Update your UniFi Protect Application to Version 6.2.72 or later.
AnalysisAI
UniFi Protect Application versions 6.1.79 and earlier suffer from a buffer overflow in the discovery protocol that allows adjacent network attackers to trigger denial of service by causing the application to restart. The vulnerability requires network proximity but no authentication or user interaction, making it exploitable by any attacker on the same network segment. Administrators should upgrade to version 6.2.72 or later to remediate this issue.
Technical ContextAI
Classified as CWE-119 (Buffer Overflow). Affects Unifi Protect. A malicious actor with access to the adjacent network could overflow the UniFi Protect Application (Version 6.1.79 and earlier) discovery protocol causing it to restart.
Affected Products: UniFi Protect Application (Version 6.1.79 and earlier).
Mitigation: Update your UniFi Protect Application to Version 6.2.72 or later.
RemediationAI
Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible.
More in Unifi Protect
View allA vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained
UniFi Protect Camera versions 6.1.79 and earlier contain an authentication bypass in their discovery protocol that allow
A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allow
A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role an
An information exposure vulnerability exists in UniFi Protect before v1.13.4-beta.5 that allowed unauthenticated attacke
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today